Incident Response Planning

English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 2h 55m | 539 MB

If your organization is the victim of a cyberattack, are you ready to respond? In this course, learn how to effectively create, provision, and operate a formal incident response capability within your organization to minimize the damage a cyberattack might cause. Instructor Jason Dion fully covers the guidance provided in NIST Special Publication 800-61, as well as recommendations based upon practical experience from the field. Learn about the different elements of policies, plans, and procedures; how to best guide your team; how to conduct a business impact analysis before, during, and after an incident; how to leverage various containment strategies; and other essential aspects of incident response at the management level.

Topics include:

  • Differences between events and incidents
  • Elements of policies, plans, and procedures
  • The structure of the incident response team
  • Selecting a team model
  • Leading a team during an incident
  • Internal information sharing
  • Incident prevention
  • Detection and analysis
  • Containment, eradication, and recovery
  • Calculating the cost of an incident

Table of Contents

1 The importance of incident response planning
2 The need for a plan
3 The incident response life-cycle

Incident Response Planning
4 Events and incidents
5 Policy, plans, and procedures
6 Elements of a policy
7 Elements of a plan
8 Elements of a procedure

Incident Response Team
9 Incident response team structure
10 Different team models
11 Selecting a team model
12 Incident response personnel
13 Leading the team
14 Organizational dependencies

15 Coordinating your efforts
16 Internal information sharing
17 Business impact analysis
18 Technical analysis
19 External information sharing

20 Preparation
21 Communications and facilities
22 Hardware and software
23 Technical resources and information
24 Software resources
25 Incident prevention

Detection and Analysis
26 Attack vectors
27 Detecting an incident
28 Indicators of compromise
29 Conducting analysis
30 Documenting the incident
31 Prioritizing the incident
32 Notification procedures

Containment, Eradication, and Recovery
33 Containment strategies
34 Evidence collection and handling
35 Identifying the attacker
36 Eradication and recovery

Post-Incident Activity
37 Lessons learned
38 Metrics and measures
39 Retaining the evidence
40 Calculating the cost

41 What to do next